author | David Mulder <dmulder@suse.com> | 2017-08-09 11:30:00 -0600 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2017-11-20 21:41:15 +0100 |
commit | e60f49783e2d97443d1b87e48b7fa024d8aa518a (patch) | |
tree | c36a0097eb2f5eec17726d1d125738ec12212c04 /lib/param | |
parent | 4a7ccbeab7656f96e2d7cadb9be44526c52910f7 (diff) | |
download | samba-e60f49783e2d97443d1b87e48b7fa024d8aa518a.tar.gz |
gpo: Apply kerberos settings
Add kdc kerberos settings to gpo.tdb, then retrieve those settings in
lpcfg_default_kdc_policy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/param')
-rw-r--r-- | lib/param/param.h | 3 | ||||
-rw-r--r-- | lib/param/util.c | 49 |
2 files changed, 44 insertions, 8 deletions
diff --git a/lib/param/param.h b/lib/param/param.h
index 680c053a6cc..0a3bde6c5cb 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -289,7 +289,8 @@ const char *lpcfg_imessaging_path(TALLOC_CTX *mem_ctx,
 const char *lpcfg_sam_name(struct loadparm_context *lp_ctx);
 const char *lpcfg_sam_dnsname(struct loadparm_context *lp_ctx);
-void lpcfg_default_kdc_policy(struct loadparm_context *lp_ctx,
+void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
 time_t *svc_tkt_lifetime,
 time_t *usr_tkt_lifetime,
 time_t *renewal_lifetime);
diff --git a/lib/param/util.c b/lib/param/util.c
index 52796562ec5..cd8e74b9d8f 100644
--- a/lib/param/util.c
+++ b/lib/param/util.c
@@ -29,6 +29,7 @@
 #include "system/dir.h"
 #include "param/param.h"
 #include "libds/common/roles.h"
+#include "tdb.h"
 /**
 * @file
@@ -270,22 +271,56 @@ const char *lpcfg_sam_dnsname(struct loadparm_context *lp_ctx)
 }
 }
-void lpcfg_default_kdc_policy(struct loadparm_context *lp_ctx,
+static long tdb_fetch_lifetime(TALLOC_CTX *mem_ctx, struct tdb_context *tdb, const char *keystr)
+{
+ TDB_DATA key;
+ TDB_DATA ret;
+ char *tmp = NULL;
+ long result;
+
+ key.dptr = discard_const_p(unsigned char, keystr);
+ key.dsize = strlen(keystr);
+
+ if (!key.dptr)
+ return -1;
+
+ ret = tdb_fetch(tdb, key);
+ if (ret.dsize == 0)
+ return -1;
+
+ tmp = talloc_realloc(mem_ctx, tmp, char, ret.dsize+1);
+ memset(tmp, 0, ret.dsize+1);
+ memcpy(tmp, ret.dptr, ret.dsize);
+ free(ret.dptr);
+
+ result = atol(tmp);
+ talloc_free(tmp);
+ return result;
+}
+
+void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
 time_t *svc_tkt_lifetime,
 time_t *usr_tkt_lifetime,
 time_t *renewal_lifetime)
 {
 long val;
+ TDB_CONTEXT *ctx = NULL;
+ const char *kdc_tdb = NULL;
+
+ kdc_tdb = lpcfg_cache_path(mem_ctx, lp_ctx, "gpo.tdb");
+ if (kdc_tdb)
+ ctx = tdb_open(kdc_tdb, 0, TDB_DEFAULT, O_RDWR, 0600);
- val = lpcfg_parm_long(lp_ctx, NULL,
- "kdc", "service ticket lifetime", 10);
+ if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, "kdc:service_ticket_lifetime") ) == -1 )
+ val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "service ticket lifetime", 10);
 *svc_tkt_lifetime = val * 60 * 60;
- val = lpcfg_parm_long(lp_ctx, NULL,
- "kdc", "user ticket lifetime", 10);
+ if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, "kdc:user_ticket_lifetime") ) == -1 )
+ val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "user ticket lifetime", 10);
 *usr_tkt_lifetime = val * 60 * 60;
- val = lpcfg_parm_long(lp_ctx, NULL,
- "kdc", "renewal lifetime", 24 * 7);
+ if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, "kdc:renewal_lifetime") ) == -1 )
+ val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "renewal lifetime", 24 * 7);
 *renewal_lifetime = val * 60 * 60;
 } |